RODC環境でドメインに参加するためのスクリプト
実行書式は以下の通り。/readonly を忘れずに。なお、スクリプトのヘルプでは /readonly を指定する場合は /dc <RODC名> も必須とされている。
c:\> joindomain.vbs /domain <domainname> /machinepassword <事前に設定したコンピューターのパスワード> /readonly
-----------------------------------------------------------------------------------------
' JoinScript.vbs' ' Script to join a computer to a domain.' ''
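' Prints the help text for the script and then ends the script with exit
' code -1, so control never returns to the caller.
'
' The syntax summary lists every switch the argument loop recognises
' (/dc, /ou and /disable were described below but missing from the summary),
' and /user is shown with its leading slash because the parser only matches
' the slash form.
sub Usage
    wscript.echo " |------------------------------------------------|"
    wscript.echo " | Joins a computer to a domain or workgroup |"
    wscript.echo " |------------------------------------------------|"
    wscript.echo ""
    wscript.echo "Usage: "
    wscript.echo " cscript JoinScript.vbs [/domain <domainname> | /workgroup <workgroupname>]"
    wscript.echo " [/unjoin] [/user <username>] [/password <password>]"
    wscript.echo " [/machinepassword <password>] [/readonly] [/createaccount]"
    wscript.echo " [/dc <dcname>] [/ou <ou>] [/disable]"
    wscript.echo " [/unsecure]"
    wscript.echo ""
    wscript.echo "domain Specifies the name of a domain to join"
    wscript.echo " This option requires user, password"
    wscript.echo ""
    wscript.echo "workgroup Specifies the name of a workgroup to join"
    wscript.echo ""
    wscript.echo "unjoin Unjoin from a domain if currently joined."
    wscript.echo ""
    wscript.echo "disable Disable the account when unjoining the domain."
    wscript.echo " This option requires unjoin, user, and password."
    wscript.echo ""
    wscript.echo "createaccount Specifies to create the computer account in AD"
    wscript.echo ""
    wscript.echo "machinepassword Specifies a password which is used to"
    wscript.echo " authenticate as the machine account to the DC"
    wscript.echo ""
    wscript.echo "readonly Specifies the domain join will be read only"
    wscript.echo " and will not require a writable DC. This option"
    wscript.echo " requires machinepassword and that an Administrator"
    wscript.echo " has pre-created the computer account and set a"
    wscript.echo " password matching the machinepassword parameter."
    wscript.echo ""
    wscript.echo "DC Specifies a DC to use during domain join."
    wscript.echo " If readonly is specified this is mandatory, otherwise optional."
    wscript.echo ""
    wscript.echo "OU Specifies an OU where the machine account is created, this is optional."
    wscript.echo ""
    wscript.echo ""
    wscript.echo "Unsecure Specifies an unsecure domain join."
    wscript.echo ""
    wscript.echo " |------------------------------------------------|"
    wscript.echo " |Examples: Run 'cscript JoinScript.vbs <args>' |"
    wscript.echo " | <args>: Choose a scenario below |"
    wscript.echo " | * Note lines have been wrapped for readability |"
    wscript.echo " |------------------------------------------------|"
    wscript.echo ""
    wscript.echo " Join domain: /domain <domainname> /user <username>"
    wscript.echo " /password <password> /createaccount"
    wscript.echo ""
    wscript.echo " Join domain with existing account: /domain <domainname>"
    wscript.echo " /user <username>"
    wscript.echo " /password <password>"
    wscript.echo ""
    wscript.echo " Unjoin from a domain: /unjoin /user <username> /password <password>"
    wscript.echo " "
    wscript.echo ""
    wscript.echo " Read Only join domain: /domain <domainname> /machinepassword <password>"
    wscript.echo " /dc <rodcname> /readonly"
    wscript.echo ""
    wscript.echo " Join workgroup: /workgroup <workgroupname>"
    wscript.echo ""
    wscript.echo ""
    wscript.quit -1
end sub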
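'
' Get the command line arguments
'
Set Args = Wscript.Arguments

' Validation and Usage.
' Help is shown when the script is started without arguments or when the
' first argument is one of the help spellings. Usage ends the script with
' exit code -1, so nothing after it runs.
' The original second test (Args.Count < 1 inside an Args.Count > 0 branch)
' could never be true and has been removed.
if Args.Count = 0 then
    wscript.echo "Help Requested"
    wscript.echo ""
    Usage
elseif Args(0) = "/?" or Args(0) = "-?" or Args(0) = "help" then
    wscript.echo "Help Requested"
    wscript.echo ""
    Usage
end if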
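' NetJoinDomain flags. Each value is a single bit; the argument loop combines
' the selected ones into Options, which is passed to the WMI join/unjoin call.
Const NETSETUP_JOIN_DOMAIN = 1
Const NETSETUP_ACCT_CREATE = 2
Const NETSETUP_ACCT_DELETE = 4
Const NETSETUP_WIN9X_UPGRADE = 16
Const NETSETUP_DOMAIN_JOIN_IF_JOINED = 32
Const NETSETUP_JOIN_UNSECURE = 64
Const NETSETUP_MACHINE_PWD_PASSED = 128
Const NETSETUP_DEFER_SPN_SET = 256
Const NETSETUP_JOIN_READONLY = 2048
Const NETSETUP_INSTALL_INVOCATION = 262144

' Local state to track limited parameter validation.
' Options accumulates the NETSETUP_* bits; the other variables are 0/1 markers
' recording which switches were seen on the command line.
Options = 0
ReadOnly = 0
Unsecure = 0
JoinWorkgroup = 0
UnjoinDomain = 0
MachinePassword = 0
' Disable is set by /disable and read by the validation step; it was the only
' marker left uninitialised, so it is given an explicit default here.
Disable = 0

' Inputs for the join call
strDC = ""
strOU = ""
strDomainName = ""
strDomainNameAndDC = ""
' Holds the cleartext value of /password or /machinepassword.
strPassword = ""
strUserName = ""

' Collect parameters
ArgNum = 0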
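' Walk the command line once, recording each switch and its value.
'
' Changes from the original if-chain:
'  * /unjoin no longer advances ArgNum a second time. The extra step made the
'    loop skip the argument after /unjoin (so "/unjoin /user x" lost the user
'    name) and indexed past the end of Args when /unjoin came last.
'  * Switches that take a value check that a value is present instead of
'    failing with a subscript error.
'  * A consumed value is no longer re-tested as if it were a switch.
'  * Switch names are compared case-insensitively.
'  * Flags are combined with Or, so repeating a switch cannot add the same
'    bit twice and corrupt Options.
'
' NOTE(review): /password and /machinepassword arrive as plain command-line
' text, so the secret is readable wherever the command line is recorded
' (process listings, console history, deployment logs). Run this from a
' context where that exposure is acceptable, or prompt for the value instead.
do while ArgNum < Args.Count
    select case LCase(Args(ArgNum))
        case "/domain"
            strDomainName = SwitchValue(ArgNum)
            Options = Options Or NETSETUP_JOIN_DOMAIN
            ArgNum = ArgNum + 1
        case "/user"
            strUserName = SwitchValue(ArgNum)
            ArgNum = ArgNum + 1
        case "/password"
            strPassword = SwitchValue(ArgNum)
            ArgNum = ArgNum + 1
        case "/machinepassword"
            ' Shares strPassword with /password; whichever comes last wins.
            strPassword = SwitchValue(ArgNum)
            MachinePassword = 1
            Options = Options Or NETSETUP_MACHINE_PWD_PASSED
            ArgNum = ArgNum + 1
        case "/readonly"
            Options = Options Or NETSETUP_JOIN_READONLY
            ReadOnly = 1
        case "/unsecure"
            Options = Options Or NETSETUP_JOIN_UNSECURE
            Unsecure = 1
        case "/workgroup"
            JoinWorkgroup = 1
            strDomainName = SwitchValue(ArgNum)
            ArgNum = ArgNum + 1
        case "/dc"
            strDC = SwitchValue(ArgNum)
            ArgNum = ArgNum + 1
        case "/ou"
            strOU = SwitchValue(ArgNum)
            ArgNum = ArgNum + 1
        case "/unjoin"
            UnjoinDomain = 1
        case "/disable"
            Disable = 1
            Options = Options Or NETSETUP_ACCT_DELETE
        case "/createaccount"
            Options = Options Or NETSETUP_ACCT_CREATE
        case else
            ' The original ignored unknown arguments silently, which hides
            ' misspelled switches; keep going but make the problem visible.
            wscript.echo "Ignoring unrecognized argument: " & Args(ArgNum)
    end select
    ArgNum = ArgNum + 1
loop

' Returns the value that follows the switch at position index, or ends the
' script with exit code -1 when the command line stops at the switch.
function SwitchValue(index)
    if index + 1 >= Args.Count then
        wscript.echo "Missing value after " & Args(index)
        wscript.quit(-1)
    end if
    SwitchValue = Args(index + 1)
end function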
' Reject switch combinations that cannot work, ending with exit code -1.
' A read-only join authenticates with the pre-set machine password, so
' /readonly without /machinepassword is refused.
' NOTE(review): the help text calls /dc mandatory with /readonly, but that is
' not checked here - confirm whether it should be.
if ReadOnly = 1 and MachinePassword = 0 then
    wscript.echo "ReadOnly requires MachinePassword"
    wscript.quit(-1)
end if

' /disable only has meaning as part of an unjoin.
if UnjoinDomain = 0 then
    if Disable = 1 then
        wscript.echo "Disable is only valid with the unjoin option"
        wscript.quit(-1)
    end if
end if
' Prepare the optional inputs for the join call: an empty user name or OU is
' handed over as NULL rather than as an empty string.
if strUserName <> "" then
    optionAux = strUserName
else
    optionAux = NULL
end if

if strOU <> "" then
    optionOU = strOU
else
    optionOU = NULL
end if

' When a DC was named, the join target becomes "<domain>\<dc>"; otherwise it
' is the bare domain (or workgroup) name.
if strDC <> "" then
    strDomainNameAndDC = strDomainName & "\" & strDC
else
    strDomainNameAndDC = strDomainName
end if

' Show the target that will be passed to the join call.
wscript.echo strDomainNameAndDC
' Look up the local computer name and bind to its Win32_ComputerSystem
' instance through WMI; that object exposes the join and unjoin methods.
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName

strMoniker = "winmgmts:{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & strComputer & "'"
Set objComputer = GetObject(strMoniker)

' For reference, a fixed read-only join would use the flag combination
' NETSETUP_JOIN_DOMAIN + NETSETUP_JOIN_READONLY + NETSETUP_MACHINE_PWD_PASSED;
' the script builds the equivalent value in Options from the switches instead.
' Run the requested operation and keep the WMI return code (0 is treated as
' success by the reporting step).
' Join:   target name, password, user name (or NULL), OU (or NULL), flags.
' Unjoin: password, user name (or NULL), flags.
if UnjoinDomain <> 1 then
    ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomainNameAndDC, strPassword, optionAux, optionOU, Options)
else
    ReturnValue = objComputer.UnjoinDomainOrWorkGroup(strPassword, optionAux, Options)
end if
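' Report the outcome and set the exit code.
' On success the message depends on the operation (workgroup join, unjoin,
' domain join) and the script exits with 0.
' On failure the original printed the error but still ended with exit code 0,
' so a calling batch file or deployment task could not tell a failed join
' from a successful one; the WMI return code is now used as the exit code.
if ReturnValue = 0 then
    if JoinWorkgroup = 1 then
        wscript.echo "Welcome to the workgroup: " & strDomainName
    elseif UnjoinDomain = 1 then
        wscript.echo "The machine was unjoined from the domain."
    else
        wscript.echo "Welcome to the domain: " & strDomainName
    end if
    wscript.quit(0)
else
    wscript.echo "Error: " & ReturnValue
    wscript.quit(ReturnValue)
end if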